Configure Inline Network Ports and Inline Network
An inline network consists of inline network ports, always in pairs, running at the same speed, on the same medium (either fiber or copper). The inline network ports must be on the same GigaVUE-HC series node.
Following are the two types of inline network:
Unprotected inline network—It is an arrangement of two ports of the inline network type. The arrangement facilitates access to a bidirectional link between two networks (two far-end network devices) that need to be linked through an inline tool. |
Protected inline network—It is implemented using bypass combo modules. It is based on the pairs of ports associated with physical protection switches on the bypass combo modules. For a protected inline network, the ports are created automatically when the bypass combo modules are recognized by the GigaVUE® HC Series node. |
To configure inline network ports and an inline network:
1. | On the left navigation pane, go to Physical > Orchestrated Flows > Inline Flows, and then click Configuration Canvas to create a new Flexible Inline Canvas. |
2. | In the Flexible Inline Canvas that is displayed, select the required device for which you want to configure the inline network. |
3. | Click the ‘+’ icon next to the Inline Network option to create a new inline network. |
1 | Inline Network Configuration |
4. | In the Alias and Description fields, enter a name and description for the inline network, and then click Port Editor. |
5. | In the Quick Port Editor, scroll down to the inline network ports that you wish to configure. Select Enable to administratively enable inline network ports, and then click OK. |
6. | From the Port A and Port B drop-down lists, select the ports that you want to configure as the inline network pair. |
7. | From the Traffic Path drop-down list, select one of the following options: |
Bypass—all traffic that originates from the inline network bypasses the sequence of inline tools and inline tool groups and is redirected to the opposite-side inline network port. |
Drop—all traffic originating from the inline network is dropped. |
Bypass with Monitoring—a copy of the traffic originating from the inline network bypasses the sequence of inline tools and inline tool groups and is redirected to the opposite-side inline network port. Another copy of the traffic is directed to the sequence of inline tools and inline tool groups, except that no traffic of the second copy is sent to the exit port. |
To Inline Tool—all traffic originating from the inline network is directed to the sequence of inline tools and inline tool groups and is guided through the inline tools and inline tool groups according to the current inline tool and inline tool group status. |
8. | Select the Link Failure Propagation check box to ensure that the inline network link failure on one side of the inline network is propagated to the other side. For details, refer to Network Port Link Status Propagation Parameter. |
9. | Select the Accept Regular Heartbeat check box to ensure that the inline network port pair accepts the heartbeat packets that are sent from the inline tool port pair. For details, refer to Heartbeat Support Between GigaVUE Nodes. |
10. | Click OK to save the configuration. |
11. | Drag the Inline Network object to the canvas and click Deploy. |
One of the parameters of inline networks is link status propagation, which controls the behavior of the link status for the inline network ports involved in a given inline network. The default is enabled.
When enabled, an inline network link failure on one side of the inline network will be propagated to the other side. For example, when the link is lost on one side of the network such that traffic cannot be sent to the inline tools, the link on the opposite side of the network is also brought down.
When the link is restored to the side that originally went down, the link will automatically be restored to the other side of the network. The GigaVUE node will not forward packets to the inline tools until the link is restored on both sides.
Link status propagation is enabled by selecting Link Failure Propagation when configuring an inline network port.
The heartbeat mechanism focuses on providing extended heartbeat capability to monitor the following types of devices when the devices are connected to the inline-tool pair of ports as a tool:
GigaVUE nodes |
GigaVUE nodes with GigaSMART operations configured |
Following figure illustrates an example of a topology with GigaVUE nodes placed at three different layers.
The GigaVUE node at the access layer accesses the network traffic, gets the traffic processed by the tools at the tool layer, and transmits the processed traffic back to the network.
The GigaVUE node at the distribution layer distributes the traffic from the access layer to the tool layer.
The GigaVUE node at the tool layer acts as the TLS/SSL decryption tool.
In this topology, heartbeats are essential to monitor the traffic integrity at the distribution layer and to ensure automatic failover in case of a tool failure. In the access layer device, the ports that are connected to the distribution layer device are configured as inline tool ports because they face the tool side. In the distribution layer device, the ports that are connected to the access layer device are configured as inline network ports because they face the network side of the topology. The heartbeat packets will be sent from the inline tool port pair of the access layer device to the inline network port pair of the distribution layer device. If the forwarding state of the inline network pair is normal, the heartbeat packet is sent back to the inline tool port pair of the access layer device. Else, the packet is dropped.
The heartbeat mechanism is extended to support the GigaVUE node at the distribution layer to monitor the GigaVUE node that acts as a tool at the tool layer. In the distribution layer device, the ports that are connected to the tool layer device are configured as inline tool ports. In the tool layer device, the ports that are connected to the distribution layer device are configured as inline network ports. The heartbeat packets that are sent from the distribution layer device to the tool layer device will monitor the availability of both, the tool layer device and its GigaSMART engines.